Add tests for streaming ciphers, signatures and digests

Author: whyoleg

build-logic/src/main/kotlin/ckbuild/tests/GenerateProviderTestsTask.kt

@@ -87,6 +87,7 @@ abstract class GenerateProviderTestsTask : DefaultTask() {
 
             "AesCbcTest",
             "AesCbcCompatibilityTest",
+            "AesCtrTest",
             "AesCtrCompatibilityTest",
             "AesEcbCompatibilityTest",
             "AesGcmTest",

cryptography-providers-tests-api/src/commonMain/kotlin/utils.kt

@@ -8,6 +8,7 @@ import dev.whyoleg.cryptography.*
 import dev.whyoleg.cryptography.algorithms.*
 
 import dev.whyoleg.cryptography.materials.key.*
+import kotlinx.io.*
 import kotlinx.io.bytestring.*
 import kotlin.io.encoding.*
 import kotlin.test.*
@@ -64,6 +65,11 @@ fun digest(name: String): CryptographyAlgorithmId<Digest> = when (name) {
     else          -> error("Unknown digest: $name")
 }
 
+fun Buffer(bytes: ByteString): Buffer = Buffer().apply { write(bytes) }
+
+fun Buffer.bufferedSource(): Source = (this as RawSource).buffered()
+fun Buffer.bufferedSink(): Sink = (this as RawSink).buffered()
+
 expect fun disableJsConsoleDebug()
 
 // Wasm tests on browser cannot be filtered: https://youtrack.jetbrains.com/issue/KT-58291

cryptography-providers-tests/src/commonMain/kotlin/default/AesBasedTest.kt

@@ -7,11 +7,14 @@ package dev.whyoleg.cryptography.providers.tests.default
 import dev.whyoleg.cryptography.*
 import dev.whyoleg.cryptography.algorithms.*
 import dev.whyoleg.cryptography.providers.tests.api.*
+import dev.whyoleg.cryptography.random.*
+import kotlinx.io.*
+import kotlinx.io.bytestring.*
 
 abstract class AesBasedTest<A : AES<*>>(
     private val algorithmId: CryptographyAlgorithmId<A>,
     provider: CryptographyProvider,
-) : ProviderTest(provider) {
+) : ProviderTest(provider), CipherTest {
 
     protected inner class AesTestScope(
         logger: TestLogger,
@@ -28,4 +31,40 @@ abstract class AesBasedTest<A : AES<*>>(
             block(AesTestScope(logger, context, provider, algorithm, keySize))
         }
     }
+
+    suspend fun AlgorithmTestScope<*>.assertCipherWithIvViaFunction(
+        encryptor: AES.IvEncryptor,
+        decryptor: AES.IvDecryptor,
+        ivSize: Int,
+        plaintext: ByteString,
+    ) {
+        val iv = ByteString(CryptographyRandom.nextBytes(ivSize))
+        listOf(
+            encryptor.resetIv(context).encryptWithIv(iv, plaintext),
+            encryptor.resetIv(context).encryptingSourceWithIv(iv, Buffer(plaintext).bufferedSource()).buffered()
+                .use { it.readByteString() },
+            Buffer().also { output ->
+                encryptor.resetIv(context).encryptingSinkWithIv(iv, output.bufferedSink()).buffered().use { it.write(plaintext) }
+            }.readByteString(),
+        ).forEach { ciphertext ->
+            assertContentEquals(plaintext, decryptor.decryptWithIv(iv, ciphertext))
+            assertContentEquals(
+                plaintext,
+                decryptor.decryptingSourceWithIv(iv, Buffer(ciphertext).bufferedSource()).buffered().use { it.readByteString() }
+            )
+            assertContentEquals(
+                plaintext,
+                Buffer().also { output ->
+                    decryptor.decryptingSinkWithIv(iv, output.bufferedSink()).buffered().use { it.write(ciphertext) }
+                }.readByteString()
+            )
+        }
+    }
+}
+
+// GCM mode on JDK has a check which tries to prevent reuse of the same IV with the same key.
+// we need to set random IV first to be able to reuse IV for different plaintext for the same key
+private suspend fun AES.IvEncryptor.resetIv(context: TestContext): AES.IvEncryptor {
+    if (context.provider.isJdk && this is AES.IvAuthenticatedEncryptor) encrypt(ByteString())
+    return this
 }

cryptography-providers-tests/src/commonMain/kotlin/default/AesCbcTest.kt

@@ -8,6 +8,7 @@ import dev.whyoleg.cryptography.*
 import dev.whyoleg.cryptography.algorithms.*
 import dev.whyoleg.cryptography.providers.tests.api.*
 import dev.whyoleg.cryptography.random.*
+import kotlinx.io.bytestring.*
 import kotlin.test.*
 
 private const val blockSize = 16
@@ -90,4 +91,30 @@ abstract class AesCbcTest(provider: CryptographyProvider) : AesBasedTest<AES.CBC
             assertNotEquals(data, it)
         }
     }
+
+    @Test
+    fun testFunctions() = runTestForEachKeySize {
+        if (!supportsFunctions()) return@runTestForEachKeySize
+
+        val key = algorithm.keyGenerator(keySize).generateKey()
+        val cipher = key.cipher()
+        repeat(100) {
+            val size = CryptographyRandom.nextInt(20000)
+            val data = ByteString(CryptographyRandom.nextBytes(size))
+            assertCipherViaFunction(cipher, cipher, data)
+        }
+    }
+
+    @Test
+    fun testFunctionsWithIv() = runTestForEachKeySize {
+        if (!supportsFunctions()) return@runTestForEachKeySize
+
+        val key = algorithm.keyGenerator(keySize).generateKey()
+        val cipher = key.cipher()
+        repeat(100) {
+            val size = CryptographyRandom.nextInt(20000)
+            val data = ByteString(CryptographyRandom.nextBytes(size))
+            assertCipherWithIvViaFunction(cipher, cipher, ivSize, data)
+        }
+    }
 }

cryptography-providers-tests/src/commonMain/kotlin/default/AesCtrTest.kt

@@ -0,0 +1,42 @@
+/*
+ * Copyright (c) 2024 Oleg Yukhnevich. Use of this source code is governed by the Apache 2.0 license.
+ */
+
+package dev.whyoleg.cryptography.providers.tests.default
+
+import dev.whyoleg.cryptography.*
+import dev.whyoleg.cryptography.algorithms.*
+import dev.whyoleg.cryptography.providers.tests.api.*
+import dev.whyoleg.cryptography.random.*
+import kotlinx.io.bytestring.*
+import kotlin.test.*
+
+private const val ivSize = 16
+
+abstract class AesCtrTest(provider: CryptographyProvider) : AesBasedTest<AES.CTR>(AES.CTR, provider) {
+    @Test
+    fun testFunctions() = runTestForEachKeySize {
+        if (!supportsFunctions()) return@runTestForEachKeySize
+
+        val key = algorithm.keyGenerator(keySize).generateKey()
+        val cipher = key.cipher()
+        repeat(100) {
+            val size = CryptographyRandom.nextInt(20000)
+            val data = ByteString(CryptographyRandom.nextBytes(size))
+            assertCipherViaFunction(cipher, cipher, data)
+        }
+    }
+
+    @Test
+    fun testFunctionsWithIv() = runTestForEachKeySize {
+        if (!supportsFunctions()) return@runTestForEachKeySize
+
+        val key = algorithm.keyGenerator(keySize).generateKey()
+        val cipher = key.cipher()
+        repeat(100) {
+            val size = CryptographyRandom.nextInt(20000)
+            val data = ByteString(CryptographyRandom.nextBytes(size))
+            assertCipherWithIvViaFunction(cipher, cipher, ivSize, data)
+        }
+    }
+}

cryptography-providers-tests/src/commonMain/kotlin/default/AesGcmTest.kt

@@ -7,7 +7,9 @@ package dev.whyoleg.cryptography.providers.tests.default
 import dev.whyoleg.cryptography.*
 import dev.whyoleg.cryptography.BinarySize.Companion.bits
 import dev.whyoleg.cryptography.algorithms.*
+import dev.whyoleg.cryptography.providers.tests.api.*
 import dev.whyoleg.cryptography.random.*
+import kotlinx.io.bytestring.*
 import kotlin.test.*
 
 private const val ivSize = 12
@@ -51,4 +53,34 @@ abstract class AesGcmTest(provider: CryptographyProvider) : AesBasedTest<AES.GCM
 
         assertFails { wrongKey.cipher().decrypt(ciphertext) }
     }
+
+    @Test
+    fun testFunctions() = runTestForEachKeySize {
+        if (!supportsFunctions()) return@runTestForEachKeySize
+
+        val key = algorithm.keyGenerator(keySize).generateKey()
+        listOf(96, 104, 112, 120, 128).forEach { tagSizeBits ->
+            val cipher = key.cipher(tagSizeBits.bits)
+            repeat(100) {
+                val size = CryptographyRandom.nextInt(20000)
+                val data = ByteString(CryptographyRandom.nextBytes(size))
+                assertCipherViaFunction(cipher, cipher, data)
+            }
+        }
+    }
+
+    @Test
+    fun testFunctionsWithIv() = runTestForEachKeySize {
+        if (!supportsFunctions()) return@runTestForEachKeySize
+
+        val key = algorithm.keyGenerator(keySize).generateKey()
+        listOf(96, 104, 112, 120, 128).forEach { tagSizeBits ->
+            val cipher = key.cipher(tagSizeBits.bits)
+            repeat(100) {
+                val size = CryptographyRandom.nextInt(20000)
+                val data = ByteString(CryptographyRandom.nextBytes(size))
+                assertCipherWithIvViaFunction(cipher, cipher, ivSize, data)
+            }
+        }
+    }
 }

cryptography-providers-tests/src/commonMain/kotlin/default/CipherTest.kt

@@ -0,0 +1,38 @@
+/*
+ * Copyright (c) 2024 Oleg Yukhnevich. Use of this source code is governed by the Apache 2.0 license.
+ */
+
+package dev.whyoleg.cryptography.providers.tests.default
+
+import dev.whyoleg.cryptography.operations.*
+import dev.whyoleg.cryptography.providers.tests.api.*
+import kotlinx.io.*
+import kotlinx.io.bytestring.*
+
+interface CipherTest {
+    suspend fun AlgorithmTestScope<*>.assertCipherViaFunction(
+        encryptor: Encryptor,
+        decryptor: Decryptor,
+        plaintext: ByteString,
+    ) {
+        listOf(
+            encryptor.encrypt(plaintext),
+            encryptor.encryptingSource(Buffer(plaintext).bufferedSource()).buffered().use { it.readByteString() },
+            Buffer().also { output ->
+                encryptor.encryptingSink(output.bufferedSink()).buffered().use { it.write(plaintext) }
+            }.readByteString(),
+        ).forEach { ciphertext ->
+            assertContentEquals(plaintext, decryptor.decrypt(ciphertext))
+            assertContentEquals(
+                plaintext,
+                decryptor.decryptingSource(Buffer(ciphertext).bufferedSource()).buffered().use { it.readByteString() }
+            )
+            assertContentEquals(
+                plaintext,
+                Buffer().also { output ->
+                    decryptor.decryptingSink(output.bufferedSink()).buffered().use { it.write(ciphertext) }
+                }.readByteString()
+            )
+        }
+    }
+}

cryptography-providers-tests/src/commonMain/kotlin/default/DigestTest.kt

@@ -6,6 +6,7 @@ package dev.whyoleg.cryptography.providers.tests.default
 
 import dev.whyoleg.cryptography.*
 import dev.whyoleg.cryptography.algorithms.*
+import dev.whyoleg.cryptography.operations.*
 import dev.whyoleg.cryptography.providers.tests.api.*
 import dev.whyoleg.cryptography.random.*
 import kotlinx.io.*
@@ -22,11 +23,48 @@ abstract class DigestTest(provider: CryptographyProvider) : ProviderTest(provide
             val hasher = algorithm.hasher()
             assertEquals(digestSize, hasher.hash(ByteArray(0)).size)
             repeat(8) { n ->
-                val size = 10.0.pow(n).toInt()
-                val data = CryptographyRandom.nextBytes(size)
-                val result = hasher.hash(data)
-                assertEquals(digestSize, result.size)
-                assertContentEquals(result, hasher.hash(data))
+                val maxSize = 10.0.pow(n).toInt()
+                ((1..10).map { CryptographyRandom.nextInt(maxSize) } + maxSize).forEach { size ->
+                    val data = ByteString(CryptographyRandom.nextBytes(size))
+
+                    val digest = hasher.hash(data)
+                    assertEquals(digestSize, digest.size)
+                    assertContentEquals(digest, hasher.hash(data))
+                    if (supportsFunctions()) {
+                        val chunked: UpdateFunction. () -> Unit = {
+                            val steps = 10
+                            var step = data.size / steps
+                            if (step == 0) step = data.size
+                            var start = 0
+                            while (start < data.size) {
+                                update(data, start, minOf(data.size, start + step))
+                                start += step
+                            }
+                        }
+                        val viaSource: UpdateFunction. () -> Unit = {
+                            updatingSource(Buffer(data).bufferedSource()).buffered().use {
+                                assertContentEquals(data, it.readByteString())
+                            }
+                        }
+                        val viaSink: UpdateFunction. () -> Unit = {
+                            val output = Buffer()
+                            updatingSink(output.bufferedSink()).buffered().use { it.write(data) }
+                            assertContentEquals(data, output.readByteString())
+                        }
+
+                        hasher.createHashFunction().use { function ->
+                            // test 1
+                            chunked(function)
+                            assertContentEquals(digest, function.hash())
+                            // test 2
+                            viaSource(function)
+                            assertContentEquals(digest, function.hash())
+                            // test 3
+                            viaSink(function)
+                            assertContentEquals(digest, function.hash())
+                        }
+                    }
+                }
             }
         }
 

cryptography-providers-tests/src/commonMain/kotlin/default/EcdsaTest.kt

@@ -8,11 +8,12 @@ import dev.whyoleg.cryptography.*
 import dev.whyoleg.cryptography.algorithms.*
 import dev.whyoleg.cryptography.providers.tests.api.*
 import dev.whyoleg.cryptography.random.*
+import kotlinx.io.bytestring.*
 import kotlin.io.encoding.*
 import kotlin.math.*
 import kotlin.test.*
 
-abstract class EcdsaTest(provider: CryptographyProvider) : ProviderTest(provider) {
+abstract class EcdsaTest(provider: CryptographyProvider) : ProviderTest(provider), SignatureTest {
 
     //all sizes are in bytes
     // `privateKeySizes` contains three sizes.
@@ -83,4 +84,35 @@ abstract class EcdsaTest(provider: CryptographyProvider) : ProviderTest(provider
             }
         }
     }
+
+    @Test
+    fun testFunctions() = testAlgorithm(ECDSA) {
+        if (!supportsFunctions()) return@testAlgorithm
+
+        listOf(
+            EC.Curve.P256,
+            EC.Curve.P384,
+            EC.Curve.P521,
+            EC.Curve("secp256k1"),
+        ).forEach { curve ->
+            if (!supportsCurve(curve)) return@forEach
+
+            val keyPair = algorithm.keyPairGenerator(curve).generateKey()
+
+            generateDigests { digest, _ ->
+                if (!supportsDigest(digest)) return@generateDigests
+
+                ECDSA.SignatureFormat.entries.forEach { format ->
+                    val signatureGenerator = keyPair.privateKey.signatureGenerator(digest, format)
+                    val signatureVerifier = keyPair.publicKey.signatureVerifier(digest, format)
+
+                    repeat(10) {
+                        val size = CryptographyRandom.nextInt(20000)
+                        val data = ByteString(CryptographyRandom.nextBytes(size))
+                        assertSignaturesViaFunction(signatureGenerator, signatureVerifier, data)
+                    }
+                }
+            }
+        }
+    }
 }

cryptography-providers-tests/src/commonMain/kotlin/default/HmacTest.kt

@@ -8,10 +8,11 @@ import dev.whyoleg.cryptography.*
 import dev.whyoleg.cryptography.algorithms.*
 import dev.whyoleg.cryptography.providers.tests.api.*
 import dev.whyoleg.cryptography.random.*
+import kotlinx.io.bytestring.*
 import kotlin.math.*
 import kotlin.test.*
 
-abstract class HmacTest(provider: CryptographyProvider) : ProviderTest(provider) {
+abstract class HmacTest(provider: CryptographyProvider) : ProviderTest(provider), SignatureTest {
 
     private class HmacTestScope(
         logger: TestLogger,
@@ -81,4 +82,19 @@ abstract class HmacTest(provider: CryptographyProvider) : ProviderTest(provider)
         val signature = key.signatureGenerator().generateSignature(data)
         assertFalse(wrongKey.signatureVerifier().tryVerifySignature(data, signature))
     }
+
+    @Test
+    fun testFunctions() = runTestForEachDigest {
+        if (!supportsFunctions()) return@runTestForEachDigest
+
+        val key = algorithm.keyGenerator(digest).generateKey()
+        val signatureGenerator = key.signatureGenerator()
+        val signatureVerifier = key.signatureVerifier()
+
+        repeat(10) {
+            val size = CryptographyRandom.nextInt(20000)
+            val data = ByteString(CryptographyRandom.nextBytes(size))
+            assertSignaturesViaFunction(signatureGenerator, signatureVerifier, data)
+        }
+    }
 }